A large expertise and knowledge gap exists between infosec professionals and lawyers.  On the one hand, infosec professionals may not want to prepare for the LSAT,  invest $100,000+, and three years on a legal education (+ preparing and sitting for the bar).  On the other hand, lawyers may not want to spend countless hours learning how to penetrate or defend a network or web application.  What we are generally left with are technically ignorant lawyers who only understand the law and legally ignorant professionals who only understand infosec.  The result of this gap creates a very narrow overlap of understanding between the two professions.  This gap decreases understanding, collaboration, efficiency and effectiveness.

This is where I come in: I am a lawyer &  I am an infosec professional.

My parents took me out of school when I was 13.  I have a GED (passed at 16 years old), an A.A. (Seattle Central Community College), a B.A. (University of Washington), a J.D. (Seattle University School of Law), an MSc (University of Oxford), and an LL.M (UC Berkeley School of Law).  I am a member of the New Hampshire Bar and the Washington DC Bar.

Since I was 13, I wanted to be a hacker.  I am a Certified Ethical Hacker (CEH), a Cylance Security Professional, Comptia Security+ certified, and a certified Junior Penetration Tester.  I am also a Certified Information Privacy Professional (CIPP/US). Certifications in the infosec industry provide assurance to employers and others in the industry that a certain level of technical proficiency has been met. These certifications demonstrate an intermediate proficiency in technical infosec subjects.

Beyond certifications, I am an administrator in the following programs – Splunk and Splunk Enterprise Security, Cylance, Exabeam, and Tenable’s SecurityCenter.

infosec.lawyer is the galvanization of my interest and experience in infosec, law, policy, and design.